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Amendment dated August 19, 2005 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listing of claims in the 
application. 

Listing of Claims: 

1 . (Canceled) 

2. (Previously Presented) A method for evaluating security applied to a 
system constituted by at least one component, by the use of an electronic computer, 
the method comprising steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system vyhich 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in , 
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correspondence with each of the components constituting the system which are 
specified by the second specification and of accepting from the operator via the input 
unit, information as to whether or not each of the security countermeasures being 
displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures of the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit, 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured by executing the security countermeasure concerned, and 
wherein 

the fourth step includes steps of: 

classifying the security countermeasures , which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the ratio of the number of 
security countermeasures accepted as executed in the third step, to the number of 
security countermeasures classified into the security type concerned; and 

displaying on the display unit the ratio for each of the security types as the 
degree of accomplishment of the security countermeasures classified into the 
security type concerned. 
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3. (Previously Presented) A method for evaluating security applied to a 
system constituted by at least one component, by the use of an electronic computer, 
the method comprising steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification and of accepting from the operator via the input 
unit, information as to whether or not each of the security countermeasures being 
displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures of the components 
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constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit, 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured and the degree of risk avoided, by executing the security 
countermeasure concerned, and wherein 

the fourth step includes steps of; 
. classifying , the security countermeasures, which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the total sum of the degrees of 
risks corresponding to the security countermeasures accepted as non-executed in 
this third step, out of the security countermeasures classified into the security type 
concerned; and displaying on the display unit the total sum of the degrees of risks for 
each of the security types as the degree of the remaining risk of the security 
countermeasures classified into the respective security types. 

4. (Previously Presented) A method for evaluating security applied to a 
system constituted by at least one component, by the use of an electronic computer, 
the method comprising steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second, specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 
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a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification and of accepting from the operator via the input 
unit, information as to whether or not each of the security countermeasures being 
displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures of the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit, 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured and a cost required, by executing the security 
countermeasure concerned, and wherein 

the fourth step includes steps of: 
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classifying the security countermeasures, which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the total sum of the costs 
corresponding to the security countermeasures accepted as executed in the third 
step, out of the security countermeasures classified into the security type concerned; 
and displaying on the display unit, the total sum of the costs for each of the security 
types as the required cost of the security countermeasures classified into the security 
type concerned. 

5-6. (Canceled) 

7. (Previously Presented) A storage medium in which a program for making 
an electronic computer evaluate security of a system constituted by at least one 
component is stored, the program making the electronic computer execute^ steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security , 
countermeasures to be executed to the components constituting the system which 
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are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification and of accepting from the operator via the input 
unit information as to whether or not each of the security countermeasures being 
displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures to the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit, 

, wherein the database describes, as to each of the security countermeasures, 
a security type ensured by executing the security countermeasure concerned, and 

wherein the fourth step includes steps of: 

classifying the security countermeasures , which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the ratio of the number of . 
security countermeasures accepted as executed in the third step, to the number of 
security countermeasures classified into the security type concerned; and 



Appl. No. 09/628,108 

Amendment dated August 19, 2005 



TSM-13 



displaying on the display unit the ratio for each of the security types as the 
degree of accomplishment of the security countermeasures classified into the 
security type concerned . 

8. (Currently Amended) A program stored on a computer readable storage 
medium for making an electronic computer evaluate security of a system constituted 
by at least one component, the program making the electronic computer execute 
steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

. a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
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correspondence with each of the components constituting the system which are 
specified by the second specification, and of accepting from the operator via the 
input unit, information as to whether or not each of the security countermeasures 
being displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures to the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured by executing the security countermeasure concerned, and 

wherein the fourth step includes steps of: 

classifying the security countermeasures , which are read out in the second 
step, into the security types; 

. determining, as to each of the security types, the ratio of the number of 
security countermeasures accepted as executed in the third step, to the number of 
security countermeasures classified into the security type concerned; and 

displaying on the display unit the ratio for each of the security types as the 
degree of accomplishment of the security countermeasures classified into the 
security type concerned . 

9-16. (Canceled) 
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17. (Previously Presented) A storage medium in which a program for making 
an electronic computer evaluate security of a system constituted by at least one 
component is stored, the program making the electronic computer execute steps of: 

a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading put security 
countermeasures to be executed to the components constituting the system which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

, a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification and of accepting from the operator via the input 
unit information as to whether or not each of the security countermeasures; being 
displayed is executed; and 
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a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures to the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit, 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured and the degree of risk avoided, by executing the security 
cduntermeasure concerned, and wherein 

the fourth step includes steps of; 

classifying the security countermeasures, which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the total sum of the degrees of 
risks corresponding to the security countermeasures accepted as non-executed in 
the third step, out of the security countermeasures classified into the security type 
concerned; and displaying on the display unit the total sum of the degrees of.risks for 
each of the security types as the degree of the remaining risk of the security 
countermeasures classified into the respective security types. 

18. (Currently Amended) A program stored on a computer readable storage 
medium for making an electronic computer evaluate security of a system constituted 
by at least one component, the program making the electronic computer execute 
steps of: 
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a first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system Which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification, and of accepting from the operator via the 
input unit, information as to whether or not each of the security countermeasures 
being displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures to the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit 




Appl. No. 09/628,108 TSM-13 
Amendment dated August 1 9, 2005 

wherein the database describes, as to each of the security countermeasures, 
a security type ensured and the degree of risk avoided, by executing the security 
countermeasure concerned, and wherein 

the fourth step includes steps of; 

classifying the security countermeasures, which are read out in the second 
step, into the security types; 

, determining, as to each of the security types, the total sum of the degrees of 
risks corresponding to the security countermeasures accepted as non-executed in 
the third step, out of the security countermeasures classified into the security type 
concerned; and displaying on the display unit the total sum of the degrees of risks for 
each of the security types as the degree of the remaining risk of the security 
countermeasures classified into the respective security types. 



19. (Currently Amended) A program stored on a computer readable storage 
medium for making an electronic computer evaluate security of a system constituted 
by. at least one component, the program making the electronic computer execute 
steps pf:, ... .... 

a. first step of accepting a first specification of a system to be evaluated and a 
second specification of each of the components constituting the system, from an 
operator via an input unit connected to the electronic computer; 
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a second step of retrieving data from a database in which constituent 
components and security countermeasures to be executed to the constituent 
components are described for each type of system, and of reading out security 
countermeasures to be executed to the components constituting the system which 
are specified by the second specification, out of the constituent components of the 
system type, the system type corresponding to that of the system which is specified 
by the first specification; 

a third step of displaying on a display unit connected to the electronic 
computer, the security countermeasures read out in the second step in 
correspondence with each of the components constituting the system which are 
specified by the second specification, and of accepting from the operator via the 
input unit, information as to whether or not each of the security countermeasures 
being displayed is executed; and 

a fourth step of evaluating a state of security of the system, based on the 
information regarding whether the security countermeasures to the components 
constituting the system are executed or not, the information being accepted in the 
third step, and of displaying evaluation results on the display unit 

. wherein the database describes, as to each of the security countermeasures, 
a security type ensured and a cost required, by executing the security 
countermeasure concerned, and wherein 
, the fourth step includes steps of: 
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classifying tine security countermeasures, which are read out in the second 
step, into the security types; 

determining, as to each of the security types, the total sum of the costs 
corresponding to the security countermeasures accepted as executed in the third 
step, out of the security countermeasures classified into the security type concerned; 
and displaying on the display unit, the total sum of the costs for each of the security 
types as the required cost of the security countermeasures classified into the security 
type concerned. 
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